For Meter.user() and Meteor.userId, why are the labeled as "Anywhere but publish functions"?


I’m having some difficulty handling issues with publish exactly the right data at the right time and with the right permissions and security in place.

This has led me to further investigate Meter.userId as it relates to publish functions, and I’m wondering why the meteor docs have the label “Anywhere but publish functions” on these sections.

(I get that it is because they shouldn’t be relied on inside publish functions, but I’d like to understand why this has to be the case . Anyone got any links I might check out?)

Currently I’m using this pattern for all my publish functions (of which I have 19):

Meteor.publish("name", function () {
    var user = Meteor.users.findOne(this.userId);
    if (user) {
        result1 = SomeCollection.find({some: data}); 
        result2 = SomeCollection.find({some: data}); 
       return [result1, result2]


if(this.userId) {} would be simpler

From the docs:

Access inside the publish function. The id of the logged-in user, or null if no user is logged in.

This is constant. However, if the logged-in user changes, the publish function is rerun with the new value.

You’ll also want to run

else { this.ready(); }

to complete the publication in case the user is not logged in